Login with Link (auth back-end only)
To be clear, this is just a fun hack for now. Yes, it works! No, it's not official (from Stripe). Yes, I might change it to break at any time.
For now, all responsibilty for anything breaking should be directed to m@rkmoriarty.com.
Questions?
If you work at Stripe: Ask questions on #login-with-link.
Otherwise, email markmoriarty+loginwithlink@stripe.com 👋
Sunday 5/22: These docs will describe how to use this via API only.
You will bring your own session management library (e.g., authjs.dev, as used on shop.markmoriarty.com)
The main steps are quite simple:
/lookup
Collect a user's email for login or signup: Look up this email to see if the email exists on the Link network. We will send you aclient_secret
in our response.
(If the user does NOT exist on Link: invite them to sign up for Link. Otherwise, continue with the below.)
/start_verification
If the user does exist on Stripe: ask Stripe to send them the SMS verification code.
/authenticate
Collect the 6-digit code from the user using a form of your own design. Submit this to Stripe, along with the `client_secret` we sent you in step 1.
Click "next" to view instructions to use API only: https://docs.loginwithlink.com/use-api-only/about-this-option-api-only
In a few days(?): Plausibly I could spin up a basic OIDC provider
Redirect from your site to a Stripe-hosted "Login with Link/Stripe" page, just like you'd do for "Log in with Twitter" or "Log in with GitHub".
Wish: rally >1 other Stripes to have other session-management front-ends (ideally not also using next-auth.js), using this new (minimal) OIDC provider. This should help demonstrate (to less technical folks) how to separate "Login with Link" (as just OIDC) from "session management" (using libraries like next-auth, firebase, supabase, etc.)
Based on today's research, it seems quite doable. Stripe out the front-end pages like /users, and do a redirect instead of log in action, so developer can B.Y.O. session management library: read more.
Last updated